API Guides

class Cookies

Ruby on Rails 3.2.22.5

Since v3.0.20

Available in: v3.0.20 v3.1.12 v3.2.22.5 v4.0.13 v4.1.16 v4.2.9 v5.2.8.1 v6.0.6 v6.1.7.10 v7.0.10 v7.1.6 v7.2.3 v8.0.4 v8.1.2

Cookies are read and written through ActionController#cookies.

The cookies being read are the ones received along with the request, the cookies being written will be sent out with the response. Reading a cookie does not get the cookie object itself back, just the value it holds.

Examples for writing:

# Sets a simple session cookie.
# This cookie will be deleted when the user's browser is closed.
cookies[:user_name] = "david"

# Assign an array of values to a cookie.
cookies[:lat_lon] = [47.68, -122.37]

# Sets a cookie that expires in 1 hour.
cookies[:login] = { :value => "XJ-122", :expires => 1.hour.from_now }

# Sets a signed cookie, which prevents a user from tampering with its value.
# The cookie is signed by your app's <tt>config.secret_token</tt> value.
# Rails generates this value by default when you create a new Rails app.
cookies.signed[:user_id] = current_user.id

# Sets a "permanent" cookie (which expires in 20 years from now).
cookies.permanent[:login] = "XJ-122"

# You can also chain these methods:
cookies.permanent.signed[:login] = "XJ-122"

Examples for reading:

cookies[:user_name] # => "david"
cookies.size        # => 2
cookies[:lat_lon]   # => [47.68, -122.37]

Example for deleting:

cookies.delete :user_name

Please note that if you specify a :domain when setting a cookie, you must also specify the domain when deleting the cookie:

cookies[:key] = {
  :value => 'a yummy cookie',
  :expires => 1.year.from_now,
  :domain => 'domain.com'
}

cookies.delete(:key, :domain => 'domain.com')

The option symbols for setting cookies are:

  • :value - The cookie’s value or list of values (as an array).

  • :path - The path for which this cookie applies. Defaults to the root of the application.

  • :domain - The domain for which this cookie applies so you can restrict to the domain level. If you use a schema like www.example.com and want to share session with user.example.com set :domain to :all. Make sure to specify the :domain option with :all again when deleting keys.

    :domain => nil  # Does not sets cookie domain. (default)
:domain => :all # Allow the cookie for the top most level
                  domain and subdomains.

  • :expires - The time at which this cookie expires, as a Time object.

  • :secure - Whether this cookie is a only transmitted to HTTPS servers. Default is false.

  • :httponly - Whether this cookie is accessible via scripting or only HTTP. Defaults to false.

Inherits from

Object

Namespace

Classes

Constants

Methods (defined here)

Methods (inherited)

From Object (18)

Type at least 2 characters to search.

↑↓ navigate · open · esc close